-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathanvil.conf
232 lines (195 loc) · 12.8 KB
/
anvil.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
### This is the main Anvil! configuration file.
# To help understand how the Anvil! is used, some features will "call home" to record anonymous information
# about a machine participating in an Anvil! system. An example is DRBD's 'usage-count' option. If you wish
# to not have this happen, set this to '1'.
sys::privacy::strong = 0
### Features
# Normally, if one node in the Anvil! is healthier than the other, it will pull the servers from the peer
# on to it. This is a process called "preventative live migration". If you would like to disable this
# feature, set this to '1'.
feature::scancore::disable::preventative-live-migration = 0
# If a node is found to be powered off, and there is no reason recorded in the database, it will be booted.
# The assumption is that an accidental power off occurred. If you would like to have nodes that power off
# stay off until manually started, set this to '0'
#feature::scancore::disable::boot-unknown-stop = 1
### Database
# Database connections;
#
# Each Anvil! database is defined below using an incrementing counter as the second variable. The value of
# the second variable is the local 'host_uuid' (via: dmidecode --string system-uuid | perl -ne 'print lc').
# This ensures that entries can be moved and copied without causing conflicts.
#
# There are six variables for each database definition;
# host = This is the (resolvable) host name or IP address of the peer database.
# port = This is the TCP port used to connect to the database. By default, it is 5432
# password = This is the password used to connect to the database.
# NOTE: Do not directly change the database password. Please use 'anvil-update-password' so that
# the WebUI, database, nodes and peers are all kept in sync.
# ping = If set, this will cause a ping to be made against the database server before the actual
# connection is attempted. This can be useful when peer dashboards are offline for extended
# periods of time. The value can be any real number and will be used as the timeout for the actual
# ping. If the peer dashboard is on the same subnet, a value of '0.25' (250ms) should be a good
# balance between giving the peer a chance to reply and not waiting too long when it is offline.
# If the peer is remote, you will want to set this to '1' (1000ms) or higher.
#
# Setting this to '0' disables pinging before connecting entirely. In this case, if the peer is
# offline, it will take about 3 seconds on average for the connection attempt to timeout. This
# might be necessary if the peer dashboard is behind a firewall/router or otherwise can't respond
# to ICMP pings.
# NOTE: The database is called 'anvil' and the database owner is 'admin'.
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::host = localhost
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::port = 5432
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::password = Initial1
#database::eec27c2f-2308-4b4f-bd81-24118b53f8a3::ping = 1
# Below are the databases configured for use by this system. Please be careful manually editing them. They
# are updated by Striker and changes can be overwritten. Please do not alter or remove the 'start db list'
# and 'end db list' comments below.
### start db list ###
### end db list ###
# To keep Anvil!'s database growth in check, an auto-archive mechanism is used by some agents where, at the
# end of each scan, the number of records in the history schema for a given table are counted (restricted to
# the agent's host, when appropriate).
#
# When the number exceeds the trigger, the number of records that are archived is approximately (number of
# records above trigger + 'count'). This is not an exact number because a representative timestamp will be
# selected from the hostory schema at this count, and then any record equal to or older than the time stamp
# is removed.
#
# To protect against the potential of using too much disk space, archives are off by default. Under normal
# behaviour, old records are simple removed. To enable the archive function, set this to '1'.
#sys::database::archive::save_to_disk = 1
#
# When archiving to disk is enabled, to protect against large memory use or long archive times in the case
# where the number of records to archive are particularly large, the 'division' value is used to break up the
# archive job into "chunks". Generally speaking, the division should be greater than the count, and never be
# needed. However, if the archive process takes too long, or if the archive was triggered well above the
# trigger value, the division can help prevent using too much memory at once. If division is set to '0',
# archive jobs will never be divided.
#
# The archives are all stored in the specified directory using the name format
# '<agent>.<table>.<timestamp>.bz2' and the archives are synced between dashboards for safe keeping. Archive
# files are never removed automatically.
#
# To disable auto-archiving entirely, set 'trigger' to '0'.
#
# NOTE: If the archive directory doesn't exist, Anvil! will create it
# automatically the first time it is needed.
sys::database::archive::compress = 1
sys::database::archive::trigger = 500000
sys::database::archive::count = 100000
sys::database::archive::division = 125000
sys::database::archive::directory = /usr/local/anvil/archives/
# This puts a limit on how many queries (writes, generally) to make in a single batch transaction. This is
# useful when doing very large transacions, like resync'ing a large table, by limiting how long a given
# transaction can take and how much memory is used.
sys::database::maximum_batch_size = 25000
# By default, we try to determine the host type which anvil RPM is installed. If, for some reason, you want
# to statically assign the host type, you can do so with this variable. Note that this sets the host type of
# this host only. You will need to set this appropriately on other hosts.
#
# Normally, you should not need to set this.
#sys::host_type = node
# This configuration file provides a way to override Anvil::Tools' built-in defaults.
# This controls the default language. The value is the ISO code of the country's language you want to use by
# default. Note that the logging language is set with 'defaults::log::language' below.
# NOTE: Be sure the language exists before changing it!
defaults::languages::output = en_CA
# This controls how many loops Anvil::Tools::Words is allow to make while processing a string. This acts as a
# mechanism to exit infinite loops, and generally should not need to be changed.
defaults::limits::string_loops = 1000
### Logging options
# This controls whether all database transactions are recorded or not. Genreally this should be left off
# unless you are debugging the program.
# WARNING: This ignores 'secure', and will always be logged. Be careful about exposing sensitive data!
sys::database::log_transactions = 0
# By default, if a configured database is not accessible, a log level 1 alert is registered. This can cause a
# lot of log traffic. If you want to silence these log alerts, you can set the value below to be higher than
# your current active log level (default is '1', so set to '2' or '3' to silence).
# NOTE: It's important to only use this temporarily.
#sys::database::failed_connection_log_level = 2
# This controls what log facility to use by default.
# NOTE: This will always be 'authpriv' when a log entry is marked as secure.
defaults::log::facility = local0
# This controls what language logs are recorded in. Be sure that the language exists before changing it!
defaults::log::language = en_CA
# This controls the default log level. See 'perldoc Anvil::Tools::Logs' for details.
defaults::log::level = 1
# This controls whether sensitive log entries are logged or not. Generally, this should be left disabled!
defaults::log::secure = 0
# THis sets the default log server to send the log entries to. Leave it blank in most cases.
#defaults::log::server =
# This sets the default log tag used when logging an entry. Most programs will likely override this.
defaults::log::tag = anvil
### Install Target options
#
# Note; The Install Target function is not yet available.
#
# This section allows for adapting certain installations of systems via the Install Target feature.
# Generally, these don't need to be edited.
#
# This controls the keyboard configuration. See:
# - https://docs.fedoraproject.org/en-US/fedora/f28/install-guide/appendixes/Kickstart_Syntax_Reference/#sect-kickstart-commands-keyboard
#kickstart::keyboard = --vckeymap=us --xlayouts='us'
#
# This sets the default password of newly stage-1 built machines. Generally, this shouldn't be change. It is
# recorded in plain text and it is used in the stage-2 configuration tools.
#kickstart::password = Initial1
#
# This is the system timezone to be set. Generally, it's recommended to leave the Anvil! machines to UTC, but
# you might want to change this is if you spend time working directly on the various Anvil! cluster machines.
#kickstart::timezone = Etc/GMT --isUtc
# If this is set to '1', the packages used to build machines via the Install Target feature will not
# auto-update.
install-manifest::refresh-packages = 1
# This controls how often the local RPM repository is checked for updates. The default is '86400' seconds
# (one day). If anything, you might want to increase this. Common values;
# 86400 = Once per day
# 604800 = Once per week
# 2419200 = Once per month (well, 4 weeks)
install-manifest::refresh-period = 86400
### System functions
# The machines used in the Anvil! are treated as appliances, and thus fully under our control. As such, much
# of the system is monitored, managed and auto-repaired. This can frustrate sysadmins. As such, an admin may
# use the 'system::*' options to retake control over some system behaviour.
# Setting this to '0' will disable auto-management of the firewall.
#sys::manage::firewall = 1
# By default, the Anvil! will detect and configure the IPMI BMC (iDRAC, iLO, RSA, etc). To disable this, set
# this to '0'. Note that if you do this, you will need to ensure that IPMI-based fencing is configured
# properly!
#sys::manage::ipmi = 0
# By default, Anvil! nodes reserve 8 GiB of RAM for host OS use. That is to say, if a node (pair) has 128GiB
# of physical RAM, 120 GiB will be available for allocation to servers. Generally, this should NOT be reduced
# as doing so could trigger oom-killer (out of memory killer) to terminate servers. This is an integer
# representing the reserved RAM in MiB
# NOTE: Minimum is 1024, but really, never go below 4096 unless you _really_ know what you're doing.
#anvil_resources::ram::reserved = 8192
# If you wish to alter the amount of reservered RAM for a single Anvil! node, you can use:
#anvil::<anvil_uuid>::resources::ram::reserved = 8192
# When Zabbix is installed, the Zabbix server defaults to use port 80, which conflicts with Striker's use of
# port 80. As such, anvil-daemon checks to see if Zabbix is installed and, of so, updates it's apache config
# to use port 8080. If you want to use a different port (other than 80), you can do so below
#sys::port::zabbix = 8080
### Server related options
# This is the "short list" of servers shown when provisioning a new server. To see the full list of options,
# run '/usr/bin/osinfo-query os' and use here the 'Short ID' entries on any machine in the Anvil!.
#sys::servers::os_short_list = rhel9.4,ubuntu24.04,win2k19,win2k22
### Scan agent options
# All scan agent configurations have the format 'scancore::<agent_name>::<variable>'.
# An agent can be disabled on a given machine by setting the 'disable' variable.
#scancore::scan-network::disable = 1
# Logging can be set on a per-agent basis with:
#scancore::scan-network::log_level = 2
#scancore::scan-network::log_secure = 1
# By default, the Anvil! will manage the /etc/hosts file. If this is causing you issue, you can disable this
# behavious by setting this to '0'. Be aware of course that you will need to manually update or add entries
# going forward.
#sys::hosts::manage = 0
# By default, the Anvil! will try to auto-add Strikers found in the database that are not yet in this
# anvil.conf config file. This is meant to automate the rebuild of strikers. If you want to prevent this
# behaviour, set this to '0'.
#sys::striker::auto-add = 1
# During the startup of a machine, Network Manager can take a minute or two before the network is stable. By
# default, anvil-daemon and scancore will pause during startup, waiting for the network to stabilize. By
# default, Network->wait_for_network waits for five minutes. During the initial config, we keep this shorter.
# This value will be updated by anvil-configure-host when the initial configuration completes.
network::wait_for_network::timeout = 300